Subscription sprawl is the accumulation of too many recurring software services across teams, departments, or individual users. It usually happens when people can buy tools quickly, renewals are automatic, and no one maintains a complete inventory of what is being paid for. Over time, a company ends up with overlapping SaaS tools, unused licenses, and multiple vendors providing similar functions.
In cyber security, subscription sprawl matters because every extra service adds another account, payment relationship, and set of permissions to manage. Forgotten subscriptions can keep storing data, expose personal or business information, and create stale user accounts that attackers may abuse. It also makes security reviews harder: defenders may miss risky apps, weak access controls, or unauthorized renewals. Common defenses include centralized procurement, regular subscription audits, owner assignment, license cleanup, and tying renewals to approval workflows so unused services are removed before they become a security and cost problem.



